Re: Help PLEASE...Multi-Routing for ADSL on Linux: Request for pointers..

Linux Advanced Routing and Traffic Control

Grant

Thanks for your response.

On 5/24/05, Taylor, Grant <gtaylor@xxxxxxxxxxxxxxxxx> wrote:

> Do you have Verizon or CenturyTel?  That type of price scalping is *VERY* common around here.
> 

I am wayyy out in India. Broadband & DSLs are still high-tech around
here & quite expensive. e.g. I am being charged around 45 USD for one
GB extra bandwidth consumption on my 256 kbps ADSL connection.


> I guess the difference in the connection would be if you can live with your servers being off the net for a while and just have internal / LAN internet access or if you need to still be able to serve content to the world.  Something you might consider doing would be finding someone to offer backup MX and DNS hosting for you.  (I know a couple of people, my self included, who would be willing to help.)  If all you need is the former, I would strongly go with the Cable Modem connection.

Yes, that's what I was planning to do, as soon as I get my setup..up & working.

> I don't think that I would plug multiple INet connections in to a (unmanaged layer 2) switch and then plug that switch in to a NIC for your internet connectivity.  I am hoping that I read what you wrote wrong.

Well..I can be real dumb...that's exactly what I wrote.

> What you *CAN* do is get a layer 2 managed switch that supports 802.1Q
> VLANs and assign a VLAN to two ports on the switch, one of which is
> the port to your firewall and the other to a particular INet
> connection.  If you use a 24 port managed switch you could hook up 24
> different DSL / Cable Modems to one NIC in a computer.  I have done
> this with wonderful success!  Using this method you could easily have
> multiple links via 802.1d bridging (STP) or bonding to make sure that
> you have a connection from your system to managed switch even if a
> cable gets unplugged.
> 
Hmmm...point taken..thanks..will do this.

> > Is this type of scenario:
> >
> > 1. Possible?
> 
> Yes, very!
> 
One point validated ;-) thanks.

> > 2. Easily maintainable? Especially on top an existing firewall distro,
> > that can be tweaked...maybe ipcop or some other, so that I don't have
> > to individually keep up with all the security updates that are bound
> > to come. Suggestions on any firewall gateway distro that would be more
> > amenable to any such solution that is suggested. Or do I have to do it
> > fully?
> 
> Well, don't run your services on the firewall.  Use an old "white box" as your firewall / gateway so that you don't have to worry about keeping it as up to date as it will not be serving any services to the outside world and thus *MUCH* harder to hack.  This will allow you to run your distro of choice on your servers, where you know how to keep it up to date.  Besides it is a bad idea to run services that could be exploited on a firewall.
> 

No, I have a separate firewall box on my network. I don't run any
services on it and use it only for port forwarding to the DMZ server.
I use a linux firewall distro (www.ipcop.org) not a full linux distro.

My question actually was that my present firewall is a sort of
appliance. I put the CD in, boot with it...it gets automatically
installed...I just assign the IPs & go to the web interface and setup
port forwarding etc...and I'm done...every new release...same thing
happens.

Now, under the scenario of multiple routes using iproute2...should I
use such existing firewalls and run iproute2 on top of it or do I have
to roll my own gateway on linux. What's advisable? & easier for my
kind of admin...a follower ;-)


> I think you want to do some reading on setting up additional routing tables via the "ip route" command and then use some routing rules (set up via the "ip rule" command) to define which traffic uses which routing table.  Any Linux advanced routing document should go in to this.
> 

Thanks...will check.

> > Also, I would like to bifurcate traffic, especially downloads using
> > ftp, rsync (and if possible http downloads too) to go through the
> > private ip flat rate link. Something that separates traffic by ports.
> 
> This is doable, via different routeing tables for different types of traffic, ssh, smtp, ftp, etc.
> 
Hmm...thanks buddy...you just enrolled me back into school.

> > Request routing Gurus help me please. Am on a shoestring budget and
> > can't afford commercial hardware solutions that offer this kind of
> > functionality, IAC..don't even know of one that is specifically for
> > low-cost DSL usage.
> 
> Can you afford to dedicate an old computer to this task? 

Am already running my firewall on a dedicated PIII-550. Can dedicate
that machine or even another one..that's something I already have.

> If you really need it could you buy a $300 layer 2 managed switch?  (D-Link DES-3226L (http://dlink.com/products/?sec=0&pid=298) is what I used for my 8 cable modem set up.)
> 
Thanks...will check it out.

Thank you once more...you have been a lot of help.
With regards.
Sanjay.

P.S: List replied directly to your address...so cc'd the list but
what's the etiquette on this list..does the thread go private after
the initial mail or does one remove the sender's address and put the
list address back in...so why not make the list put in the list
address as reply address. What I have done will cause two mails to be
sent to you....anyone?
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
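
The port-based split discussed in this message (an extra routing table via "ip route", selected by an "ip rule"), sketched as an added example that is not part of the original post or the list's own material. Interface names, gateway addresses, the table number and the mark value are constructed assumptions; the script prints the commands by default and only runs them with `--apply`.

```shell
#!/bin/sh
# Constructed values (assumptions, not from the thread).
LAN_IF=eth0                            # inside interface of the gateway
FLAT_IF=eth2; FLAT_GW=198.51.100.1     # flat-rate link (documentation address)
FLAT_TABLE=200                         # extra routing table id
FLAT_MARK=2                            # firewall mark tying iptables to ip rule
BULK_PORTS="21 873 80"                 # ftp control, rsync, http
# The per-GB billed link stays the default route in the main table.

# Emit the commands for port-based policy routing, one per line.
policy_commands() {
    # 1. Second routing table whose default route is the flat-rate link.
    echo "ip route add default via $FLAT_GW dev $FLAT_IF table $FLAT_TABLE"
    # 2. Rule: packets carrying the mark consult that table first.
    echo "ip rule add fwmark $FLAT_MARK lookup $FLAT_TABLE priority 1000"
    # 3. Mark LAN traffic by destination port before the routing decision.
    for port in $BULK_PORTS; do
        echo "iptables -t mangle -A PREROUTING -i $LAN_IF -p tcp --dport $port -j MARK --set-mark $FLAT_MARK"
    done
    # 4. Source-NAT on the flat-rate link so replies return the same way.
    echo "iptables -t nat -A POSTROUTING -o $FLAT_IF -j MASQUERADE"
    # 5. Loose reverse-path filtering, otherwise strict rp_filter can drop
    #    replies that arrive on a link that is not the main default route.
    echo "sysctl -w net.ipv4.conf.$FLAT_IF.rp_filter=2"
}

# Run each generated command; stop at the first failure (needs root).
apply_policy() {
    policy_commands | while read -r cmd; do
        $cmd || exit 1
    done
}

case "${1:-}" in
    --apply) apply_policy ;;
    *)       policy_commands ;;   # dry run: review before applying
esac
```

FTP data connections use ports other than 21, so they follow the marked control connection only if connection tracking's FTP helper and a connection mark are added on top of this.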

